I think as a design exercise, if someone has that kind of bandwidth, this
could be fun. We wouldn't want to duplicate the region level API at the
regionserver level, that will make it interesting. However, like Gary said
in his response, the reason it is not done so now for the AccessController
is because much (most) context for making an access control decision is at
the region level.
For TokenProvider, it could make sense to have only one per RS, however it
is an Endpoint based service and currently only region coprocessors can be
endpoints. Plumbing endpoint invocations to regionserver level observers
and reimplementing TokenProvider as an endpoint service there sounds like a
clean subset of the work to try out.
On Wed, May 15, 2013 at 10:13 AM, Matteo Bertozzi
> Is there a reason to not have them as RegionServer coprocessors (loaded
> only once per RS)?
Problems worthy of attack prove their worth by hitting back. - Piet Hein
(via Tom White)